import CS audit-3.0.7-5.el8
parent
fa88729004
commit
68bd3dbf94
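--- /dev/null
+++ b/SOURCES/audit-3.0.8-flex-array-workaround.patch
@@ -0,0 +1,39 @@
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 21aafca..8c48123 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+#define __attribute(X) /*nothing*/
+typedef unsigned __u32;
+typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "../lib/audit.h"
+#define __extension__ /*nothing*/
+%include <stdint.i>
+%include "../lib/libaudit.h"
+diff --git a/lib/audit.h b/lib/audit.h
+index 51d7f2b..b2f306d 100644
+--- a/lib/audit.h
++++ b/lib/audit.h
+@@ -514,7 +514,7 @@ struct audit_rule_data {
+__u32 values[AUDIT_MAX_FIELDS];
+__u32 fieldflags[AUDIT_MAX_FIELDS];
+__u32 buflen; /* total length of string fields */
+- char buf[]; /* string fields buffer */
++ char buf[0]; /* string fields buffer */
+};
+
+#endif /* _LINUX_AUDIT_H_ */
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 08b7d22..6b7408c 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+#include <stdint.h>
+#include <sys/socket.h>
+#include <linux/netlink.h>
+-#include <linux/audit.h>
++#include "audit.h"
+#include <stdarg.h>
+#include <syslog.h>
+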
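Review bot: The `char buf[0]` substitution in the lib/audit.h hunk is undocumented, and the patch file has no description saying why a private copy of the kernel header replaces `<linux/audit.h>`. A zero-length array is a GNU extension rather than a C99 flexible array member, so the reason for preferring it belongs next to the change. I would add a short text header above the first `diff --git` line, for example `Work around "invalid use of flexible array member" (rhbz#2116867): build against a local copy of linux/audit.h that declares buf[0]; the installed libaudit.h is restored by audit-3.0.8-undo-flex-array.patch`. The spec on this page creates lib/audit.h with `cp /usr/include/linux/audit.h lib/`, so the line-514 context in this hunk only matches while the build host's kernel-headers keeps that layout, which is worth stating in the same header.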
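--- /dev/null
+++ b/SOURCES/audit-3.0.8-undo-flex-array.patch
@@ -0,0 +1,13 @@
+diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h
+index 6b7408c..08b7d22 100644
+--- a/usr/include/libaudit.h
++++ b/usr/include/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+#include <stdint.h>
+#include <sys/socket.h>
+#include <linux/netlink.h>
+-#include "audit.h"
++#include <linux/audit.h>
+#include <stdarg.h>
+#include <syslog.h>
+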
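--- /dev/null
+++ b/SOURCES/audit-3.1-fanotify-records.patch
@@ -0,0 +1,122 @@
+From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Tue, 7 Feb 2023 10:32:11 -0500
+Subject: [PATCH] Add support for new FANOTIFY record fields
+
+---
+ChangeLog | 1 +
+auparse/auparse-defs.h | 5 ++--
+auparse/interpret.c | 65 +++++++++++++++++++++++++++++++++++++++++-
+auparse/typetab.h | 4 +++
+4 files changed, 72 insertions(+), 3 deletions(-)
+
+diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h
+index 7c0ac76..81a85a4 100644
+--- a/auparse/auparse-defs.h
++++ b/auparse/auparse-defs.h
+@@ -88,7 +88,8 @@ typedef enum { AUPARSE_TYPE_UNCLASSIFIED, AUPARSE_TYPE_UID, AUPARSE_TYPE_GID,
+AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO,
+AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY,
+AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY,
+- AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE
++ AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST,
++ AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO
+} auparse_type_t;
+
+/* This type determines what escaping if any gets applied to interpreted fields */
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 373851f..f106056 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val)
+return strdup(buf);
+}
+
++static const char *print_trust(const char *val)
++{
++ const char *out;
++
++ if (strcmp(val, "0") == 0)
++ out = strdup("no");
++ else if (strcmp(val, "1") == 0)
++ out = strdup("yes");
++ else
++ out = strdup("unknown");
++
++ return out;
++}
++
++// fan_type always preceeds fan_info
++static int last_type = 2;
++static const char *print_fan_type(const char *val)
++{
++ const char *out;
++
++ if (strcmp(val, "0") == 0) {
++ out = strdup("none");
++ last_type = 0;
++ } else if (strcmp(val, "1") == 0) {
++ out = strdup("rule_info");
++ last_type = 1;
++ } else {
++ out = strdup("unknown");
++ last_type = 2;
++ }
++
++ return out;
++}
++
++static const char *print_fan_info(const char *val)
++{
++ const char *out;
++ if (last_type == 1) {
++ errno = 0;
++ unsigned long info = strtoul(val, NULL, 16);
++ if (errno) {
++ if (asprintf(&out, "conversion error(%s)", val) < 0)
++ out = NULL;
++ return out;
++ } else {
++ if (asprintf(&out, "%lu", info) < 0)
++ out = NULL;
++ return out;
++ }
++ } else
++ out = strdup(val);
++ return out;
++}
++
+static const char *print_a0(const char *val, const idata *id)
+{
+char *out;
+@@ -3286,6 +3340,15 @@ unknown:
+case AUPARSE_TYPE_RESOLVE:
+out = print_openat2_resolve(id->val);
+break;
++ case AUPARSE_TYPE_TRUST:
++ out = print_trust(id->val);
++ break;
++ case AUPARSE_TYPE_FAN_TYPE:
++ out = print_fan_type(id->val);
++ break;
++ case AUPARSE_TYPE_FAN_INFO:
++ out = print_fan_info(id->val);
++ break;
+case AUPARSE_TYPE_MAC_LABEL:
+case AUPARSE_TYPE_UNCLASSIFIED:
+default:
+diff --git a/auparse/typetab.h b/auparse/typetab.h
+index 0e37d02..5c8fca8 100644
+--- a/auparse/typetab.h
++++ b/auparse/typetab.h
+@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED, "sw" )
+_S(AUPARSE_TYPE_ESCAPED, "root_dir" )
+_S(AUPARSE_TYPE_NLMCGRP, "nl-mcgrp" )
+_S(AUPARSE_TYPE_RESOLVE, "resolve" )
++_S(AUPARSE_TYPE_TRUST, "subj_trust" )
++_S(AUPARSE_TYPE_TRUST, "obj_trust" )
++_S(AUPARSE_TYPE_FAN_TYPE, "fan_type" )
++_S(AUPARSE_TYPE_FAN_INFO, "fan_info" )
+--
+2.41.0
+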
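Review bot: `print_fan_info()` in the interpret.c hunk chooses how to render its value from the file-scope `static int last_type`, which `print_fan_type()` writes and every caller in the process shares. If a fan_info field is interpreted without a preceding fan_type from the same record, or two threads interpret records at once, the value is rendered under a stale type; carrying the type in per-call interpretation data would remove that dependency (the `idata` passed to `print_a0` looks like a candidate, though its definition is outside this hunk). Separately, `strtoul(val, NULL, 16)` reports only overflow through errno, so a non-hex value is printed as `0` instead of being flagged; I would parse with `char *end; unsigned long info = strtoul(val, &end, 16);` and take the error branch on `errno || end == val || *end != '\0'`. `out` is also declared `const char *` but passed to `asprintf`, which expects `char **`, so declaring it `char *out;` as `print_a0` does avoids the qualifier mismatch.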
@ -3,7 +3,7 @@
|
|||||||
Summary: User space tools for kernel auditing
|
Summary: User space tools for kernel auditing
|
||||||
Name: audit
|
Name: audit
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://people.redhat.com/sgrubb/audit/
|
URL: http://people.redhat.com/sgrubb/audit/
|
||||||
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||||
@ -11,12 +11,16 @@ Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
|||||||
|
|
||||||
Patch1: audit-3.0.8-auparse-path-norm.patch
|
Patch1: audit-3.0.8-auparse-path-norm.patch
|
||||||
Patch2: audit-3.0.8-drop-protecthome.patch
|
Patch2: audit-3.0.8-drop-protecthome.patch
|
||||||
|
Patch3: audit-3.1-fanotify-records.patch
|
||||||
|
Patch4: audit-3.0.8-flex-array-workaround.patch
|
||||||
|
Patch5: audit-3.0.8-undo-flex-array.patch
|
||||||
|
|
||||||
BuildRequires: gcc swig make
|
BuildRequires: gcc swig make
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
BuildRequires: krb5-devel libcap-ng-devel
|
BuildRequires: krb5-devel libcap-ng-devel
|
||||||
BuildRequires: kernel-headers >= 2.6.29
|
BuildRequires: kernel-headers >= 2.6.29
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
|
#BuildRequires: autoconf automake libtool
|
||||||
|
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires(post): systemd coreutils
|
Requires(post): systemd coreutils
|
||||||
@ -86,8 +90,15 @@ Management Facility) database, through an IBM Tivoli Directory Server
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
#autoreconf -fv --install
|
||||||
|
|
||||||
|
cp /usr/include/linux/audit.h lib/
|
||||||
|
|
||||||
|
%patch -P 1 -p1
|
||||||
|
%patch -P 2 -p1
|
||||||
|
%patch -P 3 -p1
|
||||||
|
%patch -P 4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --with-python=no \
|
%configure --with-python=no \
|
||||||
@ -112,12 +123,19 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
|
|||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
|
||||||
|
|
||||||
find $RPM_BUILD_ROOT -name '*.la' -delete
|
find $RPM_BUILD_ROOT -name '*.la' -delete
|
||||||
find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete
|
find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete || true
|
||||||
|
|
||||||
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
|
||||||
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
|
||||||
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
|
touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
|
||||||
|
|
||||||
|
# undo the workaround
|
||||||
|
cur=`pwd`
|
||||||
|
cd $RPM_BUILD_ROOT
|
||||||
|
patch -p1 < %{PATCH5}
|
||||||
|
find . -name '*.orig' -delete
|
||||||
|
cd $cur
|
||||||
|
|
||||||
%check
|
%check
|
||||||
make check
|
make check
|
||||||
# Get rid of make files so that they don't get packaged.
|
# Get rid of make files so that they don't get packaged.
|
||||||
@ -240,6 +258,12 @@ fi
|
|||||||
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-5
|
||||||
|
- Introduce new fanotify record fields
|
||||||
|
Resolves: rhbz#2216668
|
||||||
|
- invalid use of flexible array member
|
||||||
|
Resolves: rhbz#2116867
|
||||||
|
|
||||||
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-4
|
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-4
|
||||||
- Drop ProtectHome from auditd.service as it interferes with rules
|
- Drop ProtectHome from auditd.service as it interferes with rules
|
||||||
Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories
|
Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories
|
||||||
|
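Review bot: The "undo the workaround" step added to %install runs `patch -p1 < %{PATCH5}` inside `$RPM_BUILD_ROOT` and then deletes every `*.orig` under it, which hides the case where the patch applied only with fuzz or an offset. Passing `--no-backup-if-mismatch` (plus `--fuzz=0` if a strict match is wanted) makes the cleanup `find` unnecessary and turns a drifted installed header into a build failure rather than a silently edited file. The `cur`/`cd $cur` bookkeeping can then become a subshell, `(cd "$RPM_BUILD_ROOT" && patch --no-backup-if-mismatch -p1 < %{PATCH5})`. In the same hunk, the `|| true` added after the site-packages `find` discards every error from that command, not only the missing-directory case it appears to be aimed at; a comment saying which failure is expected would help the next maintainer.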